Ubuntu: Install PiHole


How to Install & Configure Pihole on Ubuntu 20.04

1. Installation
– Run these commands:

    # sudo apt-get install gamin -y
    curl -sSL https://install.pi-hole.net | bash

– Possible problem: lighttpd service not running (when gamin has not been preinstalled)
– Fix: run these commands

    sudo pihole uninstall

    rambo@pihole:~$ sudo pihole uninstall
    [?] Are you sure you would like to remove Pi-hole? [y/N] y
    [✓] Root user check
    [✓] Update local cache of available packages
    [i] Existing PHP installation detected : PHP version 7.4.3
    [i] Be sure to confirm if any dependencies should not be removed
    [i] The following dependencies may have been added by the Pi-hole install:
    dhcpcd5 git iproute2 whiptail dnsutils cron curl iputils-ping lsof netcat psmisc sudo unzip wget idn2 sqlite3 libcap2-bin dns-root-data libcap2 lighttpd php7.4-common php7.4-cgi php7.4-sqlite3 php7.4-xml php7.4-json php7.4-intl
    [?] Do you wish to go through each dependency for removal? (Choosing No will leave all dependencies installed) [Y/n] n
    [✓] Removed Web Interface
    [✓] Removed /etc/cron.d/pihole
    [✓] Removed lighttpd configs
    [✓] Removed config files
    [i] Removing pihole-FTL...Failed to stop pihole-FTL.service: Unit pihole-FTL.service not loaded.

    sudo apt-get update -y
    sudo apt-get upgrade -y
    sudo apt purge lighttpd -y
    # sudo pihole -r
    # useradd -G pihole pihole
    sudo apt-get install gamin -y
    curl -sSL https://install.pi-hole.net | sudo bash

2. Follow the wizard to complete the installation
Hint: simply press Enter or <Ok> repeatedly until reaching this screen


3. Configure firewall

    # Adding firewall rules per pihole prerequisites https://docs.pi-hole.net/main/prerequisites/
    # sudo iptables -I INPUT -p tcp --dport 53 -j ACCEPT
    # sudo iptables -I INPUT -p udp --dport 53 -j ACCEPT
    # sudo iptables -I INPUT -p udp --dport 67 -j ACCEPT
    sudo iptables -I INPUT -p tcp --dport 80 -j ACCEPT
    sudo iptables -I INPUT -p tcp --dport 4711 -j ACCEPT
    sudo iptables -I INPUT -p tcp --dport 4712 -j ACCEPT
    sudo iptables -I INPUT -p tcp --dport 4713 -j ACCEPT
    sudo iptables -I INPUT -p tcp --dport 4714 -j ACCEPT
    sudo iptables -I INPUT -p tcp --dport 4715 -j ACCEPT
    sudo iptables -I INPUT -p tcp --dport 4716 -j ACCEPT
    sudo iptables -I INPUT -p tcp --dport 4717 -j ACCEPT
    sudo iptables -I INPUT -p tcp --dport 4718 -j ACCEPT
    sudo iptables -I INPUT -p tcp --dport 4719 -j ACCEPT
    sudo iptables -I INPUT -p tcp --dport 4720 -j ACCEPT
    sudo ip6tables -I INPUT -p udp --dport 547 -j ACCEPT

    # DHCP Server:
    sudo iptables -I INPUT -p tcp --dport 67 -j ACCEPT
    sudo iptables -I INPUT -p udp --dport 67 -j ACCEPT

    # DHCP client/relay
    sudo iptables -I INPUT -p tcp --dport 68 -j ACCEPT
    sudo iptables -I INPUT -p udp --dport 68 -j ACCEPT

    # DHCP Failover partners
    sudo iptables -I INPUT -p tcp --dport 647 -j ACCEPT

    # DNS
    sudo iptables -I INPUT -p tcp --dport 53 -j ACCEPT

    # Grant Pihole TCP:53 access to localhost
    sudo iptables -A INPUT -s 127.0.0.0/8 -p tcp -m tcp --dport 53 -j ACCEPT

    # Allowing traffic from a certain subnet
    sudo iptables -A INPUT -s 10.10.10.0/22 -j ACCEPT
    # iptables -D INPUT -s 10.10.10.0/22 -j ACCEPT # Reverse previous command

    # Save firewall rules
    sudo sh -c "iptables-save > /etc/iptables/rules.v4"
    sudo sh -c "ip6tables-save > /etc/iptables/rules.v6"
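
The rules above accept each port from any source address. As an added example (not part of the original page), the script below prints rules of the same kind scoped to one LAN: DNS and the web interface from the subnet only, port 4711 from loopback only, and DHCP only on a named interface. The function names, the eth0 interface and the loopback-only choice for 4711 are assumptions; the subnet is the page's 10.10.10.0/22, which iptables actually matches as 10.10.8.0/22.

```shell
#!/bin/sh
# Added example: prints (does not apply) Pi-hole INPUT rules scoped to one LAN.
# Function names and the eth0 interface are illustrative assumptions.

# Print the real network address of A.B.C.D/N; fail on malformed input.
cidr_network() (
  case $1 in
    *[!0-9./]* | */*/* | /* | */) exit 1 ;;   # only digits, dots, one slash
    */*) ;;
    *) exit 1 ;;
  esac
  ip=${1%/*}; bits=${1#*/}
  IFS=. read -r a b c d extra <<EOF
$ip
EOF
  for o in "$a" "$b" "$c" "$d" "$bits"; do
    case $o in '' | 0?*) exit 1 ;; esac       # no empty or zero-padded fields
    [ "$o" -le 255 ] || exit 1
  done
  [ -z "$extra" ] && [ "$bits" -le 32 ] || exit 1
  mask=$(( (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
  n=$(( ((a << 24) | (b << 16) | (c << 8) | d) & mask ))
  echo "$(( n >> 24 & 255 )).$(( n >> 16 & 255 )).$(( n >> 8 & 255 )).$(( n & 255 ))/$bits"
)

# usage: pihole_fw_rules LAN_CIDR [DHCP_INTERFACE]
pihole_fw_rules() (
  lan=$(cidr_network "$1") || { echo "bad CIDR: $1" >&2; exit 1; }
  case ${2:-} in *[!A-Za-z0-9._-]*) echo "bad interface: $2" >&2; exit 1 ;; esac
  # iptables silently masks host bits, so say which network really matches.
  [ "$lan" = "$1" ] || echo "# $1 has host bits set; iptables matches $lan"
  for proto in tcp udp; do                       # DNS from the LAN only
    echo "iptables -I INPUT -s $lan -p $proto --dport 53 -j ACCEPT"
  done
  echo "iptables -I INPUT -s $lan -p tcp --dport 80 -j ACCEPT"   # web UI
  # Assumption: only tools on the Pi-hole host itself talk to FTL on 4711.
  echo "iptables -I INPUT -i lo -p tcp -m multiport --dports 53,4711 -j ACCEPT"
  # DHCP clients have no address yet, so scope by interface, not by source.
  if [ -n "${2:-}" ]; then
    echo "iptables -I INPUT -i $2 -p udp --dport 67 -j ACCEPT"
  fi
)

# Review the printed rules before applying them (for example via: | sudo sh).
pihole_fw_rules 10.10.10.0/22 eth0
```

Source restrictions like these only change behaviour when the INPUT chain otherwise drops or rejects traffic; with a default ACCEPT policy every port stays reachable regardless.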

    # Fixing startup conflicts between iptables & netfilter-persistent
    # sudo systemctl edit netfilter-persistent.service
    sudo vim /etc/systemd/system/netfilter-persistent.service.d/iptables.conf

    ### Verify this content ###
    [Unit]
    Conflicts=iptables.service ip6tables.service

    ### Modify content and save file ###
    [Unit]
    After=iptables.service ip6tables.service ufw.service

4. Check service status

    rambo@pihole:~$ service lighttpd status
    ● lighttpd.service - Lighttpd Daemon
         Loaded: loaded (/lib/systemd/system/lighttpd.service; enabled; vendor preset: enabled)
         Active: active (running) since Fri 2020-12-04 22:43:12 PST; 10min ago
       Main PID: 32359 (lighttpd)
          Tasks: 6 (limit: 4615)
         Memory: 10.0M
         CGroup: /system.slice/lighttpd.service
                 ├─32359 /usr/sbin/lighttpd -D -f /etc/lighttpd/lighttpd.conf
                 ├─32393 /usr/bin/php-cgi
                 ├─32396 /usr/bin/php-cgi
                 ├─32397 /usr/bin/php-cgi
                 ├─32398 /usr/bin/php-cgi
                 └─32399 /usr/bin/php-cgi

    Dec 04 22:43:12 pihole systemd[1]: Starting Lighttpd Daemon...
    Dec 04 22:43:12 pihole systemd[1]: Started Lighttpd Daemon.

    rambo@pihole:~$ service pihole* status
    ● pihole-FTL.service - LSB: pihole-FTL daemon
         Loaded: loaded (/etc/init.d/pihole-FTL; generated)
         Active: active (exited) since Fri 2020-12-04 22:43:14 PST; 18min ago
           Docs: man:systemd-sysv-generator(8)
        Process: 32518 ExecStart=/etc/init.d/pihole-FTL start (code=exited, status=0/SUCCESS)

    Dec 04 22:43:14 pihole systemd[1]: Starting LSB: pihole-FTL daemon...
    Dec 04 22:43:14 pihole pihole-FTL[32518]: Not running
    Dec 04 22:43:14 pihole su[32536]: (to pihole) root on none
    Dec 04 22:43:14 pihole su[32536]: pam_unix(su:session): session opened for user pihole by (uid=0)
    Dec 04 22:43:14 pihole su[32536]: pam_unix(su:session): session closed for user pihole
    Dec 04 22:43:14 pihole systemd[1]: Started LSB: pihole-FTL daemon.

5. Configuration

Pihole Control Panel: http://piholeServerIp/admin

Ad Lists:

    https://firebog.net
    https://hosts.oisd.nl
    https://github.com/mmotti/pihole-regex/blob/master/regex.list

Test:

    dig @<piholeServerIp> blockedsite.com

Flush dns:

    sudo systemd-resolve --flush-caches # Ubuntu
    service nscd restart # Redhat
    ipconfig /flushdns # Windows

Blacklist – regex blocks

    Youtube ads: .*sn-\S{4,}-\S{4,}\.googlevideo\.com
    Youtube.com: (\.|^)(youtu\.?be.*|googlevideo\.com)$

Change admin password:

    sudo pihole -a -p

6. Troubleshooting

Issue: ‘DNS Service Not Running’

Resolution 1: pihole checkout master

Resolution 2: re-install pihole

 – Backup: pihole -a teleporter
 – Move backup file: copy the tar.gz file from the current directory ($(pwd)/*.tar.gz) to a desktop where an Internet browser is available for the restoring step
 – Uninstall: pihole uninstall
 – Reinstall: curl -sSL https://install.pi-hole.net | sudo bash
 – Restore settings: Log in to Pi-hole > Settings > Teleporter > under Restore, click Choose File > pick the backup file in tar.gz format > Open > click Restore > OK

Resolution 3:

– Run debug: pihole -d
– Grant Pihole TCP:53 access to localhost: sudo iptables -A INPUT -s 127.0.0.0/8 -p tcp -m tcp --dport 53 -j ACCEPT

Resolution 4: Set the watchservice script to ensure that pihole is running at all times

Issue: unable to reach server via port 80
Resolution: sudo iptables -I INPUT -p tcp --dport 80 -j ACCEPT

Issue: Pihole service crashes at random times
Resolution: create a service watcher script

7. How to create a Backup via command line:

    cd ~/Desktop
    pihole -a teleporter
    ls ~/Desktop



References